Amrita Jayakumar
WASHINGTON (WP-BLOOM) – The last time British spies and mathematicians from Cambridge University joined forces to battle a global enemy was during World War II, to crack the Germans’ Enigma code.
Seven decades later, they’ve teamed up with ex-National Security Agency agents this side of the pond to tackle the modern world’s big, unknown threat: Hackers.
Darktrace, a UK cybersecurity company that counts Cambridge machine learning specialists and cyberintelligence experts from GCHQ and MI5 — Britain’s equivalent of the NSA — among its leadership team, is set to open its US headquarters in the Washington region this month.
The private company is funded by an investment firm led by Mike Lynch, the founder of British IT giant Autonomy who became embroiled in an accounting controversy when Hewlett-Packard sought to acquire the company in 2011. Lynch denied wrongdoing and British investigators eventually closed an investigation without bringing charges.
Where Darktrace bills itself as different is in the philosophical approach it takes to protect corporate networks, informed by the government background of its team. The company’s software was designed to get ahead of an attack instead of cleaning up quickly after the fact, said Jim Penrose, a 17-year NSA veteran and Darktrace’s executive vice president of cyber intelligence.
“From the time I started at NSA, I had it drilled into my head — you need to give the action takers enough time so that they can avoid the crisis entirely,” he said. “The best work I’ve ever been involved in never became news.”
Darktrace’s flagship product is the Enterprise Immune System, so named because it mimics the behaviour of the human immune system using algorithms developed by Cambridge mathematicians.
Here’s how it works: When the software is installed by a company, it acts as a sponge, learning the typical behavior of all the users in a network to establish a sense of ‘self’.
The software paints a picture of the company’s routine operations — what time of day employees usually come into work, the files they work with, and whether they’re using their mobile devices or workstations.
Once a baseline has been established, the software looks for anything out of the ordinary — a device that’s trying to access a lot of data, or trying to connect with too many external devices, for example. When a combination of activities looks fishy, it triggers alerts for the company’s IT department.
The idea is simple, and some US companies such as Columbia, Maryland-based Sourcefire (now part of Cisco Systems) and Georgia-based Lancope have similar offerings.
But this spot-the-anomaly approach is something of a departure from the model of cybersecurity in the private sector, experts say.
The prevailing method is to detect an intrusion and then match it to a list of known malware out in the rest of the world — a database of bad guys, if you will.
Companies are still a long way off from being proactive about cybersecurity, said Gary Miliefsky, chief executive of SnoopWall, a mobile counterintelligence software company.
For time and cost reasons, the cybersecurity industry’s goal is to make the matching process as fast and efficient as possible, so that companies can quickly identify malware and minimise their damages.
But what to do when a sophisticated attacker develops a new strain of malware targeted at your business? (This was the case with both the Sony and Anthem hacks, experts say.)
“The industry paradigm is cleaning up well,” Penrose said. “We want to convince folks that it’s worth investing the effort in getting ahead.”
Darktrace has seen a spike in business since the Sony attack, said Nicole Eagan, the company’s chief executive, who also worked at Autonomy.